From d4913063320e52d9c3716732d8c6b7396a2288b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Tue, 28 Jan 2020 13:32:53 +0100 Subject: [PATCH 3/6] slirp: disable tcp_emu() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-id: <20200128133253.794107-2-marcandre.lureau@redhat.com> Patchwork-id: 93569 O-Subject: [RHEL-8.2.0 qemu-kvm + RHEL-7.7 qemu-kvm + RHEL-6.11 qemu-kvm PATCH 1/1] slirp: disable tcp_emu() Bugzilla: 1791679 RH-Acked-by: Danilo de Paula RH-Acked-by: Eduardo Habkost RH-Acked-by: Stefan Hajnoczi Since libslirp 4.1, tcp_emu() is disabled by default because it is known to cause several CVEs and is not useful today in most cases. Qemu upstream doesn't have an option to enable it back at this point, it's not clear if we ever want to expose that option anyway. See also upstream commit 07c2a44b67e ("emu: disable by default") Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1791677 Signed-off-by: Marc-André Lureau Signed-off-by: Miroslav Rezanina --- slirp/tcp_subr.c | 4 ++-- slirp/udp.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c index 8dae0cc..0ca7f02 100644 --- a/slirp/tcp_subr.c +++ b/slirp/tcp_subr.c @@ -516,7 +516,7 @@ tcp_tos(struct socket *so) while(tcptos[i].tos) { if ((tcptos[i].fport && (ntohs(so->so_fport) == tcptos[i].fport)) || (tcptos[i].lport && (ntohs(so->so_lport) == tcptos[i].lport))) { - so->so_emu = tcptos[i].emu; + so->so_emu = 0; /* disabled */ return tcptos[i].tos; } i++; @@ -526,7 +526,7 @@ tcp_tos(struct socket *so) for (emup = tcpemu; emup; emup = emup->next) { if ((emup->fport && (ntohs(so->so_fport) == emup->fport)) || (emup->lport && (ntohs(so->so_lport) == emup->lport))) { - so->so_emu = emup->emu; + so->so_emu = 0; /* disabled */ return emup->tos; } } diff --git a/slirp/udp.c b/slirp/udp.c index 2188176..ee92790 100644 --- a/slirp/udp.c +++ b/slirp/udp.c 
@@ -339,7 +339,7 @@ udp_tos(struct socket *so) while(udptos[i].tos) { if ((udptos[i].fport && ntohs(so->so_fport) == udptos[i].fport) || (udptos[i].lport && ntohs(so->so_lport) == udptos[i].lport)) { - so->so_emu = udptos[i].emu; + so->so_emu = 0; /* disabled */ return udptos[i].tos; } i++; -- 1.8.3.1
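Review bot: in the first tcp_tos() hunk of slirp/tcp_subr.c (@@ -516), the comment on `so->so_emu = 0; /* disabled */` gives no reason, so a later reader could restore `tcptos[i].emu` as an apparent bug fix. Say in the comment why the value is forced to 0, for instance by pointing at the upstream commit 07c2a44b67e that the commit message cites. In the lines shown, the `emu` field of the matching `tcptos[]` entry is no longer read, and a short remark to that effect would help too.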
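Review bot: in the second tcp_tos() hunk of slirp/tcp_subr.c (@@ -526), the `tcpemu` loop still matches on `emup->fport` / `emup->lport` and returns `emup->tos`, but `emup->emu` is now dropped without notice, so an entry in that list with a non-zero `emu` is accepted and has no effect. Document that at the assignment, or flag such entries when they are matched, so the behaviour is visible instead of silent. The same hard-coded assignment now appears at two sites in this function. A single named constant or one shared comment would keep them from drifting apart.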
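Review bot: the slirp/udp.c hunk (@@ -339) zeroes `so->so_emu` in udp_tos(), which applies to UDP sockets, while the subject and commit message only speak of disabling tcp_emu(). State in the commit message or in the comment here that emulation is being switched off for the UDP path as well and why, so the scope of the change matches its description. As in the TCP hunks, `udptos[i].emu` is no longer read in the lines shown, and `/* disabled */` alone does not say what is disabled.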